Is the Secure Gateway Service a SSL VPN?

The Secure Gateway Service is not a VPN, it uses a server-client pair to create a persistent secure connection from the on-premises network to BlueMix that then allows connections to specific resources in the on-premises network. Rather than bridging the environments at the network level, it provides granular resource control on both cloud and on-prem. In order for this connection to be made, rather than starting with everything exposed and having to limit connectivity with a VPN, we only require two outbound requests from the on-premises network and default to denying all access to local resources.

What layer of the OSI model does the Secure Gateway Service represent?

The Secure Gateway service represents layer 4 of the OSI model.

What version of TLS does the Secure Gateway Service support?

The Secure Gateway Service supports TLS version 1.2.

Beyond TLS, how is the service secure?

For the encrypted protocols, we offer both server-side and mutual authentication. Beyond that, we also offer iptables for these public-facing listeners to ensure only specific locations can initiate connections. From the Secure Gateway Client, there is also an Access Control List that determines what the client is allowed to connect to. This means that just because a resource has been defined and a public endpoint has been provided, no resource will be exposed until the Access Control List has been modified.

Which Protocols does Secure Gateway Service support?

We currently support TCP, TLS, HTTP, HTTPS, and UDP. In theory, anything operating on top of those protocols should be possible to use. Once a resource has been defined within Secure Gateway, we will provide a unique public connection point to access the resource.

Get started on Secure Gateway Service in minutes